Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2015-3370
Cross-site request forgery (CSRF) vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote malicious users to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via...
Node Invite Project Node Invite
312
VMScore
CVE-2015-3372
Cross-site scripting (XSS) vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
Node Invite Project Node Invite
445
VMScore
CVE-2021-23371
This affects the package chrono-node prior to 2.2.4. It hangs on a date-like string with lots of embedded spaces.
Chrono-node Project Chrono-node
NA
CVE-2023-49210
The openssl (aka node-openssl) NPM package up to and including 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects...
Node-openssl Project Node-openssl
668
VMScore
CVE-2020-7609
node-rules including 3.0.0 and before 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
Node-rules Project Node-rules
668
VMScore
CVE-2020-7673
node-extend up to and including 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution.
Node-extend Project Node-extend
NA
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
Node-import Project Node-import
668
VMScore
CVE-2020-7721
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
Node-oojs Project Node-oojs
668
VMScore
CVE-2020-7785
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.
Node-ps Project Node-ps
NA
CVE-2022-25231
The package node-opcua prior to 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
Node-opcua Project Node-opcua
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »